A massive data breach at US cloud marketing and communications outfit Epsilon may have exposed the customer e-mail addresses of some of the country's largest banks.
Epsilon, which sends 40 billion marketing e-mails annually, released a statement on Friday saying that on 30 March it detected an "unauthorised entry" into its system that exposed customer names and email addresses.
TD Ameritrade, US Bank, Citibank, JPMorgan Chase and Capital One are among a host of companies to have come forward over the weekend and admitted that customer names and e-mail contacts may have been leaked during the Epsilon attack. Financial utility groups MoneyGram and Visa were also on the receiving end of the raid.
The hacked data appears to be limited to customer names and electronic contact addresses. No personal information such as credit cards or social security numbers were accessed.
In a statement, JPMorgan says: "We are advised by Epsilon that the files that were accessed did not include any customer financial information, but are actively investigating to confirm this."
Either way, the incident is major embarrassment for Epsilon's banking clients who must contact customers and warn them to be wary of future marketing communications and potential phishing threats.
Barclays Bank of Delaware, which was also caught up in the incident, posted this message to customers: "It is possible you may receive spam email messages as a result which could potentially ask you for additional information about your account. Please note, Barclays will never ask you in an email to verify sensitive information such as your full account number, Username, Password or Social Security Number. Therefore, any email which does so should be treated suspiciously, even if it looks like it comes from Barclays. As a reminder, we urge you to be cautious when opening links or attachments from unknown third parties."